mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-08-26 21:45:20 +02:00
- Improved get_service_name filter plugin (clearer suffix handling, consistent var names). - Added MODE_ASSERT flag to optionally execute validation/assertion tasks. - Fixed systemd unit handling: consistent use of %I instead of %i, correct escaping of instance names. - Unified on_failure behavior and alarm composer scripts. - Cleaned up redundant logging, handlers, and debug config. - Strengthened sys-service template resolution with assert (only active when MODE_ASSERT). - Simplified timer and suffix handling with get_service_name filter. - Hardened sensitive tasks with no_log. - Added conditional asserts across roles (Keycloak, DNS, Mailu, Discourse, etc.). These changes improve consistency, safety, and validation across the automation stack. Conversation: https://chatgpt.com/share/68a4ae28-483c-800f-b2f7-f64c7124c274
---
# run_once_sys_dns_cloudflare_records: deactivated
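# Pre-flight check: fail before any Cloudflare API call when the token is
# missing or empty. It only runs when MODE_ASSERT is truthy; with assertions
# switched off, an unset token is not caught by this task.
- name: Assert token
  ansible.builtin.assert:
    that:
      # Definedness is tested first so an unset variable produces a plain
      # assertion failure instead of a templating error.
      - CLOUDFLARE_API_TOKEN is defined
      - CLOUDFLARE_API_TOKEN | length > 0
    # The message names the variable only; it never contains the token value.
    fail_msg: "CLOUDFLARE_API_TOKEN is undefined or empty"
  # While cloudflare_no_log is true the task result is kept out of the
  # play output and logs.
  no_log: "{{ cloudflare_no_log | bool }}"
  when: MODE_ASSERT | bool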
# Applies every A and AAAA entry of cloudflare_records through the
# Cloudflare DNS module, one loop item per record.
- name: Apply A/AAAA
  community.general.cloudflare_dns:
    # The API token is passed to the module for each record.
    api_token: "{{ CLOUDFLARE_API_TOKEN }}"
    zone: "{{ item.zone }}"
    type: "{{ item.type }}"
    name: "{{ item.name }}"
    content: "{{ item.content }}"
    # Records are not proxied unless the entry asks for it.
    proxied: "{{ item.proxied | default(false) }}"
    ttl: "{{ item.ttl | default(1) }}"
    state: "{{ item.state | default('present') }}"
  loop: "{{ cloudflare_records | selectattr('type','in',['A','AAAA']) | list }}"
  loop_control:
    # Short per-item label: record type, name and target address.
    label: "{{ item.type }} {{ item.name }} -> {{ item.content }}"
  # async/poll are only set when cloudflare_async_enabled is truthy;
  # otherwise both keywords are omitted.
  async: "{{ cloudflare_async_enabled | ternary(cloudflare_async_time, omit) }}"
  poll: "{{ cloudflare_async_enabled | ternary(cloudflare_async_poll, omit) }}"
  # Hides the per-item results while cloudflare_no_log is true.
  no_log: "{{ cloudflare_no_log | bool }}"
  register: _cf_call
  # List entries are AND-ed: the item fails only when the module failed and
  # its message mentions neither the duplicate-record text nor 81058.
  # NOTE(review): both checks are substring matches on msg, so an unrelated
  # error whose text happens to contain "81058" would be suppressed as
  # well - confirm against the message format the module returns.
  failed_when:
    - _cf_call is failed
    - "'An identical record already exists' not in (_cf_call.msg | default('') | string)"
    - "'81058' not in (_cf_call.msg | default('') | string)"
  # A duplicate-record response is never reported as a change.
  changed_when:
    - _cf_call.changed | default(false)
    - "'An identical record already exists' not in (_cf_call.msg | default('') | string)"
    - "'81058' not in (_cf_call.msg | default('') | string)"
# Applies every CNAME, MX and TXT entry of cloudflare_records through the
# Cloudflare DNS module, one loop item per record.
- name: Apply CNAME/MX/TXT
  community.general.cloudflare_dns:
    # The API token is passed to the module for each record.
    api_token: "{{ CLOUDFLARE_API_TOKEN }}"
    zone: "{{ item.zone }}"
    type: "{{ item.type }}"
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    ttl: "{{ item.ttl | default(1) }}"
    # Only MX records carry a priority (10 when the entry gives none);
    # for CNAME and TXT the argument is omitted.
    priority: "{{ (item.type == 'MX') | ternary(item.priority | default(10), omit) }}"
    state: "{{ item.state | default('present') }}"
  loop: "{{ cloudflare_records | selectattr('type','in',['CNAME','MX','TXT']) | list }}"
  loop_control:
    # The label includes the record value.
    # NOTE(review): TXT values may hold verification strings; if any are
    # considered sensitive, keep cloudflare_no_log enabled - confirm.
    label: "{{ item.type }} {{ item.name }} -> {{ item.value }}"
  # async/poll are only set when cloudflare_async_enabled is truthy;
  # otherwise both keywords are omitted.
  async: "{{ cloudflare_async_enabled | ternary(cloudflare_async_time, omit) }}"
  poll: "{{ cloudflare_async_enabled | ternary(cloudflare_async_poll, omit) }}"
  # Hides the per-item results while cloudflare_no_log is true.
  no_log: "{{ cloudflare_no_log | bool }}"
  register: _cf_call
  # List entries are AND-ed: the item fails only when the module failed and
  # its message mentions neither the duplicate-record text nor 81058.
  # NOTE(review): both checks are substring matches on msg, so an unrelated
  # error whose text happens to contain "81058" would be suppressed as
  # well - confirm against the message format the module returns.
  failed_when:
    - _cf_call is failed
    - "'An identical record already exists' not in (_cf_call.msg | default('') | string)"
    - "'81058' not in (_cf_call.msg | default('') | string)"
  # A duplicate-record response is never reported as a change.
  changed_when:
    - _cf_call.changed | default(false)
    - "'An identical record already exists' not in (_cf_call.msg | default('') | string)"
    - "'81058' not in (_cf_call.msg | default('') | string)"
# Applies every SRV entry of cloudflare_records through the Cloudflare DNS
# module, one loop item per record.
- name: Apply SRV
  community.general.cloudflare_dns:
    # The API token is passed to the module for each record.
    api_token: "{{ CLOUDFLARE_API_TOKEN }}"
    zone: "{{ item.zone }}"
    type: SRV
    service: "{{ item.service }}"
    proto: "{{ item.proto }}"
    name: "{{ item.name }}"
    # priority, weight and port have no default here; each SRV entry must
    # provide them.
    priority: "{{ item.priority }}"
    weight: "{{ item.weight }}"
    port: "{{ item.port }}"
    value: "{{ item.value }}"
    ttl: "{{ item.ttl | default(1) }}"
    state: "{{ item.state | default('present') }}"
  loop: "{{ cloudflare_records | selectattr('type','equalto','SRV') | list }}"
  loop_control:
    label: "SRV {{ item.service }}.{{ item.proto }} {{ item.name }} -> {{ item.value }}:{{ item.port }}"
  # Defaults to true: unless an entry sets ignore_errors to false, a failing
  # SRV item does not stop the play.
  # NOTE(review): together with no_log this can leave a rejected SRV record
  # unnoticed - confirm that best-effort is intended for SRV.
  ignore_errors: "{{ item.ignore_errors | default(true) }}"
  # async/poll are only set when cloudflare_async_enabled is truthy;
  # otherwise both keywords are omitted.
  async: "{{ cloudflare_async_enabled | ternary(cloudflare_async_time, omit) }}"
  poll: "{{ cloudflare_async_enabled | ternary(cloudflare_async_poll, omit) }}"
  # Hides the per-item results while cloudflare_no_log is true.
  no_log: "{{ cloudflare_no_log | bool }}"
  register: _cf_call
  # List entries are AND-ed: the item fails only when the module failed and
  # its message mentions neither the duplicate-record text nor 81058.
  # NOTE(review): both checks are substring matches on msg, so an unrelated
  # error whose text happens to contain "81058" would be suppressed as
  # well - confirm against the message format the module returns.
  failed_when:
    - _cf_call is failed
    - "'An identical record already exists' not in (_cf_call.msg | default('') | string)"
    - "'81058' not in (_cf_call.msg | default('') | string)"
  # A duplicate-record response is never reported as a change.
  changed_when:
    - _cf_call.changed | default(false)
    - "'An identical record already exists' not in (_cf_call.msg | default('') | string)"
    - "'81058' not in (_cf_call.msg | default('') | string)"